4. Your friend clicked on a link that resembled the I.M. page and she filled in her details (ID & password) without realising what she was doing. I've seen this attack on Yahoo Messenger, someone sends out a link saying something like : "Check this babe out!". When the users click the link they enter a page that is identical to Yahoo Photos (photos.yahoo.com) only it has a really different address (but people tend to ignore that). They are asked to log in with their ID and password and once they fill in their ID and password they see a picture of a babe then they close the site and forget about it, but the people behind the site record the id and password. This attack is also known as phishing.